Description
Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost.
Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Tribe29 | Checkmk | unaffected |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
No data.
No data available yet.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2022-50654 | Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost. |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Tribe29
Published:
Updated: 2024-08-03T15:02:36.627Z
Reserved: 2023-01-18T15:49:58.108Z
Link: CVE-2022-47909
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-02-20T17:15:12.230
Modified: 2024-11-21T07:32:31.063
Link: CVE-2022-47909
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses